Bitcoin has a huge scaling problem—Lightning could be the solution

The Lightning network could enable much cheaper and faster bitcoin payments.

Three startups are getting ready to launch one of the most ambitious and important cryptocurrency experiments since the creation of bitcoin itself. Called Lightning, the project aims to build a fast, scalable, and cryptographically secure payment network layered on top of the existing bitcoin network.

Essentially, Lightning aims to solve the big problem that has loomed over bitcoin in recent years: Satoshi Nakamoto's design for bitcoin is comically unscalable. It requires every full node in bitcoin's peer-to-peer network to receive and store a copy of every transaction ever made on the network.

Initially, that design was vital to achieving Nakamoto's vision of a fully decentralized payment network. But as Purdue computer scientist Pedro Moreno-Sanchez told Ars, it creates a big challenge as the network becomes more popular. "We have reached a point where it's not suitable any more to keep growing," he said.

Lightning could offer a way out of this bind. It shifts routine payments outside of the blockchain, clearing away the most significant obstacle to bitcoin's continued growth.

In fact, the Lightning project could potentially do much more than that. Lightning payments are expected to be faster, cheaper, and more private than conventional bitcoin payments. Proponents see Lightning as a new, second layer in the bitcoin software stack. They hope Lightning will expand the appeal of bitcoin in much the same way the Web helped the Internet go mainstream.

The key ideas behind Lightning were proposed by Joseph Poon and Thaddeus Dryja in a 2015 white paper, but it's taken three years to translate the proposal into fully working code. Today, three different companies—San Francisco startups Blockstream and Lightning Labs and Paris startup ACINQ—are working on parallel implementations of the Lightning technology stack. The trio released version 1.0 of the Lightning specification in December, and the companies are now racing to get their software ready for use by the general public.

So, what's on the horizon as bitcoin prepares for Lightning to strike? To truly understand, it's important to first understand how Lightning uses the cryptographic primitives of the bitcoin network to make secure payments outside the blockchain (you're in luck—we'll explain). From there, we'll take a step back and consider the key strengths and weaknesses that the new network is likely to have once it's deployed at scale.

Lightning's core idea: Chaining payment channels together

The basic unit of the Lightning network is called the payment channel. This is a private conversation between two users that enables the exchange of cryptographically enforceable IOUs. As long as both parties follow the rules, there's no need to broadcast these individual transactions to the broader bitcoin network. In principle, two parties can make dozens, hundreds, or even thousands of payments to one another without cluttering up the blockchain.

In the Lightning vision, the old-fashioned bitcoin network becomes a cryptographic backstop for these payment channels. The IOUs are actually cleverly-formatted bitcoin transactions called commitment transactions that haven't yet been submitted to the bitcoin network. A user always has an option to "cash out" by posting the current commitment transaction to the blockchain and collecting the money she's owed.

But payment channels aren't enough to solve bitcoin's scaling challenges on their own. In the real world, people want to make payments to a lot of different people—including a lot of one-off payments to people they're never going to interact with again. Each payment channel generates two bitcoin transactions: one to open it, and a second to close it. So if people had to open a new payment channel to every recipient, congestion on the blockchain might get worse rather than better.

So the Lightning network provides a cryptographically secure method for chaining payment channels together. If Alice has a payment channel with Bob and Bob has a payment channel with Carol, then Alice can pay Carol by sending some money to Bob and asking Bob to forward the money on to Carol. Crucially, the Lightning protocol guarantees that Bob can't steal the money as it passes through his hands.

The ability to securely chain payment channels together creates the possibility of stitching millions of people together into a single global payment network. Instead of opening a new payment channel to each new recipient, users find a chain of already-open payment channels that connect them to new recipients. That means you can use a single payment channel to make lots of payments to many different people—all while generating just a handful of transactions on the underlying blockchain.

How payment channels work

To really understand how Lightning works, you have to understand how bitcoin transactions work. You might want to read the first page of our bitcoin primer, which explains this in detail. But in a nutshell, a bitcoin transaction is a list of inputs and outputs, with each input pointing to the output of an earlier bitcoin transaction.

Each output specifies the conditions that need to be satisfied in order to spend the coins in that output. The simplest transactions just require a digital signature—cryptographic proof that a transaction has been approved by the owner of a particular private key.

Suppose Alice wants to send a payment to Bob. Alice could create a bitcoin transaction that says "Send three bitcoins to Bob." To spend those three bitcoins, Bob creates a new transaction whose input points back to Alice's transaction and whose output sends the bitcoins on to someone else. He uses his private key to sign this new transaction and submit it to the bitcoin network. If the signature is valid, the transaction becomes part of the blockchain.

Further Reading

Bitcoin has a scripting language that allows transactions to specify arbitrarily complex conditions for spending outputs. For example, suppose Alice has a second friend Charlie. She could create a bitcoin transaction with an output that says "These three bitcoins can only be spent with signatures from both Bob and Charlie." To unlock those funds, Bob and Charlie would have to work together, generating a single bitcoin transaction that's signed by both of their private keys.

With that background, here's how a payment channel works. Suppose Alice and Bob want to open a payment channel with 10 bitcoins in it—five from Alice and five from Bob. Alice and Bob will construct a bitcoin transaction that takes five bitcoins from Alice and five bitcoins from Bob. The transaction has a single output with a two-signature condition: both Alice and Bob have to sign a transaction in order to spend the 10 bitcoins.

Alice and Bob also construct a second transaction, called a commitment transaction, that reverses the effect of the first transaction. This new transaction takes the 10 bitcoins from the previous transaction as its input. It has one output sending five bitcoins back to Alice and a second output sending the other five bitcoins back to Bob. Alice and Bob each sign both transactions.

Then—and this is the crucial step—they only submit the first transaction to the network. This effectively puts 10 bitcoins into a shared account jointly controlled by Alice and Bob. If either one of them ever decides they want their bitcoins back, they can submit that second transaction to the network. But as long as neither of them does this, the channel remains open, and Alice and Bob can effectively send bitcoins to one another without putting anything on the blockchain.

If Alice wants to send Bob one bitcoin, she creates a new commitment transaction. Instead of sending Alice's five bitcoins back to Alice and Bob's five bitcoins back to Bob, the new commitment transaction says "four bitcoins to Alice, six bitcoins to Bob."

Alice signs this commitment transaction and gives it to Bob, who signs it and sends it back. Alice and Bob both destroy their copies of the previous commitment transactions (the one that gave five bitcoins each to Alice and Bob). Now Bob "owns" six bitcoins and Alice "owns" four—all without broadcasting anything to the blockchain.

Alice and Bob can repeat this process an unlimited number of times. Suppose Bob next wants to pay Alice three bitcoins. He creates a new transaction that says "seven bitcoins to Alice, three bitcoins to Bob," signs it, and sends it to Alice. She signs it and sends it back. They destroy their copies of the previous transaction and Alice now effectively owns seven of the 10 bitcoins in the channel. Again, nothing gets added to the blockchain.

The key idea here is that neither Alice nor Bob is ever in danger of having their coins stolen by the other party—or of having their coins locked up in a state where they can't recover them. Each of them has a copy of the current commitment transaction, which either of them can submit to the blockchain at any time to unilaterally withdraw their own funds (returning the other party's funds at the same time).

Very good explanation of the subject. But as I understand it one of, if not the, main reason for using blockchain based currencies is they remove the need for a trusted intermediary.

So the solution to the problems with blockchain revolve around removing its primary strength by introducing a trusted intermediary? I don't see how lightning offers any benefit over western union other than these new networks allow the dodging of regulations, an attribute which I am sure regulators will catch up with.

Very good explanation of the subject. But as I understand it one of, if not the, main reason for using blockchain based currencies is they remove the need for a trusted intermediary.

So the solution to the problems with blockchain revolve around removing its primary strength by introducing a trusted intermediary? I don't see how lightning offers any benefit over western union other than these new networks allow the dodging of regulations, an attribute which I am sure regulators will catch up with.

The innovative thing about Lightning is it introduces an *untrusted* intermediary. Nodes in the middle of a Lightning payment chain can't take your money, which makes it different from all conventional financial intermediaries I can think of.

I'm still not seeing how this makes Bitcoin any better than conventional networks.

Sure I pay (indirectly) a fee when I pay for something with Visa, or PayPal, firstly it's quick and cheap (unlike Bitcoin), but I also get in return for the fee useful services like fraud protection, insurance...which I rather like having. Where's my recourse if I pay for something online in crypto and get a brick in the post? Smart contracts don't help as I've already signed for the package and completed the contract.

Until bitcoin addresses the totally unsustainable and irresponsibly use of energy for mining, I have zero interest in ever using it for anything.

I didn't do the math (and don't mind laying it on me), but how much more energy will a hypothetical future of a crypto-pure banking system consume than the current system which includes maintenance, infrastructure, personnel, etc? I understand that the two systems working in tandem right now make for a ecological nightmare, but if the two are comparable, then the idea of only using crypto isn't that damning. Assuming of course the kinks get worked out in quick fashion.

Engage in just a minor thought experiment for me. If bitcoins were worth $20M, how much electricity would it make sense to spend to mine them? Rational economic actors would spend Up to $20M. That's why it's unsustainable., and an ecological disaster.

Until bitcoin addresses the totally unsustainable and irresponsibly use of energy for mining, I have zero interest in ever using it for anything.

Does lightning not do that though? Moving transactions off the blockchain should reduce mining too.

At best indirectly. The cost of mining doesn't directly depend on the number of transactions in each block. In practice, it depends on the dollar value of the block reward and the total of fees of all transactions in the block. The block reward halves every four years. I have no idea what the plan for fees is, but a smaller number of transactions with higher fees per transaction is entirely possible, desired by some, and would lead to the same revenue (in Bitcoin) to miners. The real-world, dollar value depends on the current market price. Miners will adjust their spending on electricity to match their revenue, less a percentage for profit.

Anyway, good article, if a wall of words. It's the article I've been waiting for for months.

I'm wrong in thinking that Lighting is going to create the opportunity of a service like Visa to be created? I as a middleman create a bunch of Lighting channels to thousands of sellers, and then thousands of buyers open up channels with me. And that way I'm in the middle charging less than doing a transaction directly in the blockchain.

Until bitcoin addresses the totally unsustainable and irresponsibly use of energy for mining, I have zero interest in ever using it for anything.

I didn't do the math (and don't mind laying it on me), but how much more energy will a hypothetical future of a crypto-pure banking system consume than the current system which includes maintenance, infrastructure, personnel, etc? I understand that the two systems working in tandem right now make for a ecological nightmare, but if the two are comparable, then the idea of only using crypto isn't that damning. Assuming of course the kinks get worked out in quick fashion.

Engage in just a minor thought experiment for me. If bitcoins were worth $20M, how much electricity would it make sense to spend to mine them? Rational economic actors would spend Up to $20M. That's why it's unsustainable., and an ecological disaster.

If bitcoin was worth $20 million, then the network would be worth 400+ trillion, which is like an order of magnitude more money than currently exists in the world.

So this is a silly thought experiment that doesn’t adhere closely enough to reality to have any relevance. If bitcoin was $20 million, it would be because dollars are so worthless than $20 million isn’t actually a lot of money anymore. and/or that bitcoin is the primary form of currency in the world, and this would be a reasonably manageable expense given how the rate of bitcoin distribution declines exponentially every 4 years.

Agreed that $20M bitcoin is unrealistic. That's besides the point though. Whatever the price, it will make sense to spend that much in electricity to mine them. The exponential decline only exacerbates the problem.

I'm still not seeing how this makes Bitcoin any better than conventional networks.

Sure I pay (indirectly) a fee when I pay for something with Visa, or PayPal, firstly it's quick and cheap (unlike Bitcoin), but I also get in return for the fee useful services like fraud protection, insurance...which I rather like having. Where's my recourse if I pay for something online in crypto and get a brick in the post? Smart contracts don't help as I've already signed for the package and completed the contract.

Too much blockchain hype is predicated on Financial Services = Bad.

If you want fraud protection, and have a bank account and a credit card, that's fine. Bitcoin may not be for you.

First, Bitcoin is supposed to be quick and cheap, used to be quick and cheap, would be quick and cheap now if only they'd increase the block size, and will become quick and cheap again if the Lightning Network fulfils its promise. Making digs about that isn't appropriate here. It suggests you didn't read the article.

The benefit of Bitcoin is that it's cheap, trust-free, permissionless and decentralised. There are many people who don't have bank accounts but do have mobile phones. There are people who run businesses but can't accept credit card payments because the credit card companies don't approve of them. We shouldn't need permission to pay someone online, any more than we need permission to give them cash. Cash also has no fraud protection.

Fiat currencies are run by governments and institutions who have enormous power over them, and history shows that power corrupts. The average lifetime of a fiat currencies is about 40 years. They don't all die from inflation but a lot of them do. Bitcoin is also an attempt to address that.

Most of this is not an issue if you are a wealthy American. If you don't get Bitcoin, it may be because you don't suffer from the problems it is trying to solve.

This seems extremely complicated and requiring active participation from all parties.

If I have a payment channel open and transactions are going through my payment channel (chained or not) do I have to constantly be running my wallet to actually handle both the acceptance, revocation, or hashing channel verifications (to pass transactions down the line)?

If Bob opens a channel to Charlie with 10 bitcoins and does a transaction to Charlie for all 10 bitcoin (he's paying charlie 10 bitcoin) that channel is no longer usable unless bitcoins flow backwards to Bob right (Bob can't go negative and thus no more bitcoins can flow to charlie through bob).

This sounds like a kludge. There are, what, at least a hundred digital currencies with significant market capitalization? Surely we can find one that wasn't intentionally hamstrung by the founder?

What the founder did was irrelevant, it remains intentionally hamstrung by its current maintainers to preserve decentralization to the greatest extent possible. Bitcoin cash removes those constraints but it remains to be seen whether on-chain scaling is a viable long term solution or if like the critics of lightning network claims, it leads to a semi-centralized system no different than the banking system we already have.

There are many other solutions that have theoretically higher TPS, but they’re unproven, sacrifice decentralization, or both.

No one would be actually implementing something as complex as lightning if there was an easier way - so even if you don’t understand why, common sense should dictate that there are good reasons for doing so.

Hub-and-spoke topology:-I open a (lightning channel / credit card) with (Coinbase / VISA) to do my transactioning.-I buy something off (Bitazon / Amazon) or (BitBay / eBay), who also have a (lightning channel / merchant account) with (Coinbase / VISA)-Thing arrives in the mail. Hooray!

Sounds _exactly_ the same as the current credit-card-based payment system. I suppose I don't have to trust coinbase to not lose my money with the lightning method, but I already trust Visa to not lose my money or add spurious charges. In fact, I trust them significantly more than I trust the complex volunteer-written wallet software that'll be required to pull off a lightning transaction.

Point-to-point:-I open a channel to BitEgg to buy some computer parts (transaction committed to blockchain)-We do our transaction-My thing arrives in the mail-I close my channel (transaction committed to blockchain)

Seems to require more blocks committed, unless I keep channels open to every little merchant I buy stuff off of for all time.

Just a warning, there is a bug in the CMS with this article. When the article uses infinite scroll it only shows the first two pages. I only saw the 2nd two pages after making a comment and being given the pager.

Until bitcoin addresses the totally unsustainable and irresponsibly use of energy for mining, I have zero interest in ever using it for anything.

I didn't do the math (and don't mind laying it on me), but how much more energy will a hypothetical future of a crypto-pure banking system consume than the current system which includes maintenance, infrastructure, personnel, etc? I understand that the two systems working in tandem right now make for a ecological nightmare, but if the two are comparable, then the idea of only using crypto isn't that damning. Assuming of course the kinks get worked out in quick fashion.

Engage in just a minor thought experiment for me. If bitcoins were worth $20M, how much electricity would it make sense to spend to mine them? Rational economic actors would spend Up to $20M. That's why it's unsustainable., and an ecological disaster.

If bitcoin was worth $20 million, then the network would be worth 400+ trillion, which is like an order of magnitude more money than currently exists in the world.

So this is a silly thought experiment that doesn’t adhere closely enough to reality to have any relevance. If bitcoin was $20 million, it would be because dollars are so worthless than $20 million isn’t actually a lot of money anymore. and/or that bitcoin is the primary form of currency in the world, and this would be a reasonably manageable expense given how the rate of bitcoin distribution declines exponentially every 4 years.

Agreed that $20M bitcoin is unrealistic. That's besides the point though. Whatever the price, it will make sense to spend that much in electricity to mine them. The exponential decline only exacerbates the problem.

No, the exponential decline counterbalances the problem. If the rate of bitcoin distribution declines 8x while electricity consumption per BTC increased 8x, total consumption per day hasn’t changed.

Maybe I missed it in the article, but what happens if an intermediate disappears? If Lightning envisions companies offering services as an intermediary, at some point one or more will go bankrupt. Is there a situation where a transaction can't be unwound because a signature is unobtainable?

Also, doesn't Lightning destroy the ability of the blockchain to serve as a source of truth? I always thought that one of the biggest features of cryptocurrencies is that there is a distributed ledger that could always be relied on in case of dispute. Lightning seems to obliterate that since many (most?) transactions never make it to the blockchain and there will be a load of unsubmitted transactions accumluating over time.

I'm wrong in thinking that Lighting is going to create the opportunity of a service like Visa to be created? I as a middleman create a bunch of Lighting channels to thousands of sellers, and then thousands of buyers open up channels with me. And that way I'm in the middle charging less than doing a transaction directly in the blockchain.

Yes. That is one vision. A company called Blockstream is now largely responsible for funding Bitcoin core development, and some people think they are preventing block size increases in order to promote the Lightning Network because they see themselves in that Visa-like role, collecting a slice off every transaction they process. This article has discussed the technical side, but there also a lot of politics going on. The claim that Satoshi Nakamoto's vision of increasing the block size is "comically unscalable" is controversial. Not all nodes need to be full nodes, and the original whitepaper included a protocol for trust-free payments using lightweight nodes.

I'm still holding out hope for the price to totally tank or get regulated out of existence so I can afford to buy GPUs again.

Keep in mind that GPUs are scarce because of ethereum and other coins like it, not BTC. It's been a long time since you could profitably mine BTC with GPUs.

In bad news for gamers, Ethereum seems to be the least down of the ones that Coinbase tracks. Current values compared to peak December values:Ethereum: ~67% of peakBTC: ~42% of peakBitcoin Cash: ~35% of peakLTC: ~45% of peak

Quote:

Maybe I missed it in the article, but what happens if an intermediate disappears? If Lightning envisions companies offering services as an intermediary, at some point one or more will go bankrupt. Is there a situation where a transaction can't be unwound because a signature is unobtainable?

Based on my interpretation of the article:1) A<->B<->C are in a chain2) B disappears3) A and C can both submit their most recent commitment transactions from their channels with B to the blockchain, thus resetting their coin counts. Costs them transaction fees, but hopefully not an egregious amount.

Maybe I missed it in the article, but what happens if an intermediate disappears? If Lightning envisions companies offering services as an intermediary, at some point one or more will go bankrupt. Is there a situation where a transaction can't be unwound because a signature is unobtainable?

Also, doesn't Lightning destroy the ability of the blockchain to serve as a source of truth? I always thought that one of the biggest features of cryptocurrencies is that there is a distributed ledger that could always be relied on in case of dispute. Lightning seems to obliterate that since many (most?) transactions never make it to the blockchain and there will be a load of unsubmitted transactions accumluating over time.

You should probably read it again - the blockchain remains a source of truth in the sense that consistency is maintained and bitcoins can’t be double spent and such. If the chain is self-consistent and the channels are individually self-consistent, then the entire system is cobsistent. Any malicious behavior on a lightning channel is contained within that channel, because other nodes and the main chain will not accept them.

This seems extremely complicated and requiring active participation from all parties.

If I have a payment channel open and transactions are going through my payment channel (chained or not) do I have to constantly be running my wallet to actually handle both the acceptance, revocation, or hashing channel verifications (to pass transactions down the line)?

Yes, that's correct. It's a valid criticism. It will probably lead to people offering to run your payment channel 24/7 for you, for a fee, making it look even more like a conventional credit card.

Quote:

If Bob opens a channel to Charlie with 10 bitcoins and does a transaction to Charlie for all 10 bitcoin (he's paying charlie 10 bitcoin) that channel is no longer usable unless bitcoins flow backwards to Bob right (Bob can't go negative and thus no more bitcoins can flow to charlie through bob).

Again correct. As I understand it, every month you'd use your salary to buy 10 more Bitcoins from an exchange, then send those Bitcoins to your own account via Charlie, and that would replenish the channel and allow you to spend with it again.

Until bitcoin addresses the totally unsustainable and irresponsibly use of energy for mining, I have zero interest in ever using it for anything.

I didn't do the math (and don't mind laying it on me), but how much more energy will a hypothetical future of a crypto-pure banking system consume than the current system which includes maintenance, infrastructure, personnel, etc? I understand that the two systems working in tandem right now make for a ecological nightmare, but if the two are comparable, then the idea of only using crypto isn't that damning. Assuming of course the kinks get worked out in quick fashion.

Financial institutions will still exist. People will still want to invest in companies, to put their money somewhere with interest, to have a third party take on fraud risk instead of paying directly with their wallet, and to buy insurance.

All of the services banks provide souls still be provided. Including payment networks, because people will still prefer to spend credit.